chore(deps): bump the github-actions group across 1 directory with 3 updates#3345
chore(deps): bump the github-actions group across 1 directory with 3 updates#3345dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
…updates Bumps the github-actions group with 3 updates in the / directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/setup-node](https://github.com/actions/setup-node). Updates `aws-actions/configure-aws-credentials` from 4.0.2 to 6.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@e3dd6a4...8df5847) Updates `actions/upload-artifact` from 4.6.2 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...bbbca2d) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@6044e13...53b8394) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| - name: upload-testmon-cache-candidate | ||
| if: success() && github.event_name == 'merge_group' && hashFiles('.testmondata') != '' | ||
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | ||
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 |
There was a problem hiding this comment.
Upload v7 / Download v4 artifact version mismatch across workflows
Medium Severity
The testmon cache candidate artifacts are now uploaded with actions/upload-artifact@v7.0.0, but the downstream tidy3d-testmon-cache-promote.yml workflow still downloads them using actions/download-artifact@v4.3.0. Dependabot didn't update download-artifact because it's in a separate file not included in this PR. While zipped artifacts may still be cross-compatible, this three-major-version gap risks silent failures in the cache promotion pipeline. The download-artifact in tidy3d-testmon-cache-promote.yml needs to be updated to match.
Additional Locations (1)
Diff CoverageDiff: origin/develop...HEAD, staged and unstaged changesNo lines with coverage information in this diff. |
Bumps the github-actions group with 3 updates in the / directory: aws-actions/configure-aws-credentials, actions/upload-artifact and actions/setup-node.
Updates
aws-actions/configure-aws-credentialsfrom 4.0.2 to 6.0.0Release notes
Sourced from aws-actions/configure-aws-credentials's releases.
... (truncated)
Changelog
Sourced from aws-actions/configure-aws-credentials's changelog.
... (truncated)
Commits
8df5847chore(deps): bump fast-xml-parser and@aws-sdk/xml-builder(#1640)d22a0f8chore(deps-dev): bump@types/nodefrom 25.0.10 to 25.2.0 (#1635)f7b8181chore(main): release 6.0.0 (#1641)c367a6achore: integ tests manual option (#1639)7ceaf96fix: correct outputs for role chaining (#1633)a7a2c11feat!: update action to use node24 (#1632)6e3375dchore: remove release-please release automation (#1631)98abed7chore: add workflow_dispatch trigger to release workflow (#1630)bf3adbbchore: Update distdb43b8bchore: re-run linterUpdates
actions/upload-artifactfrom 4.6.2 to 7.0.0Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEddc45eddocs: update README to correct action name for Node.js 24 support615b319chore: release v6.0.0 for Node.js 24 support017748bMerge pull request #744 from actions/fix-storage-blob38d4c79chore: rebuild distUpdates
actions/setup-nodefrom 6.2.0 to 6.3.0Release notes
Sourced from actions/setup-node's releases.
Commits
53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsNote
Medium Risk
CI workflows now use newer major versions of
aws-actions/configure-aws-credentialsandactions/upload-artifact(Node 24-based), which may break on outdated/self-hosted runners or change action behavior during credential setup and artifact uploads.Overview
Updates pinned GitHub Actions versions across CI workflows.
Bumps
aws-actions/configure-aws-credentialstov6.0.0wherever AWS CodeArtifact credentials are configured, updatesactions/upload-artifacttov7.0.0for build/test cache artifact uploads, and bumpsactions/setup-nodetov6.3.0in the commitlint job.Written by Cursor Bugbot for commit 4351cbd. This will update automatically on new commits. Configure here.